Information Security & Privacy Policy
Last updated: March 16, 2022
1. Introduction & Scope
We have adopted an Information Security & Privacy Management System (ISPMS) as part of our commitment to demonstrate the application of the highest level of security within the services we deliver to our clients.
EXEO is a leading managed services and cloud solutions provider. We help clients migrate and adopt cloud services in a secure way, We commit to enhancing the way our clients work by implementing digital and automation-based services.
EXEO was founded in 2012 in Beirut where we started serving clients in the Middle-East and in Africa, and in 2020 we opened our office in France and started delivering services to clients in Western Europe.
Our strategy is aligned on the following three pillars:
- Agile IT: committed to chaperone our clients in migrating and adopting agile technology tools and services in order to enhance the way they work;
- Cybersecurity: implementing security in every aspect of our services, identifying and protecting assets, detecting and responding to threats;
- Digital: once we have built a solid and secure technology foundation, we can help clients adopt agile applications to digitize business processes.
The way we work at EXEO is based on an intimate understanding of clients infrastructure and an immersion in their operations which subsequently requires the development of world class and no-compromise security methodologies to guarantee safe, secure and private delivery of services.
2. ISPMS Policy Statement
We at EXEO, our legal entities EXEO SAL, EXEO OFFSHORE SAL and SAS EXEO have adopted an Information Security & Privacy Management System (ISPMS) as part of our commitment to demonstrate the application of the highest level of security within the services we deliver to our clients.
We are committed to safeguarding the confidentiality & privacy of information we process, ensuring the integrity of the data and the maximum availability of our services. This commitment is inline with our adherence to the ISO 27001:2013 information security and ISO 27701: 2019 information privacy standards and compliance with all applicable regulations, with the objective of protecting our clients and our assets from information security threats, whether internal or external, deliberate or accidental.
Security is carved inside the DNA of EXEO, it is incorporated in every service we deliver, every employee we recruit, every report we generate and every deliverable we produce to our clients.
The commitment of the leadership of EXEO is summarised in the following points:
- A strict talent recruitment and management process emphasising our sensitivity to confidential information and compliance;
- A controlled physical environment and asset management process;
- An agile project management methodology incorporating securting in every aspect of projects;
- A development methodology based on secure coding;
- An information technology secure management framework based on current and projected information security threat environment;
- A business continuity plan constantly adapted to ongoing risks;
- An internal audit discipline based on an information classification policy;
- A culture of Personal Identifiable Information protection practice embedded in our security policies.
We, EXEO, implement a process of continuous improvement in all aspects of operations and will make sure that this policy is reviewed once a year or whenever it is needed based on developments in cybersecurity, whichever comes first.
This policy is communicated internally to all members of EXEO. Each member formally commits to follow the rules, procedures and recommendations of this policy in his duties. It is the responsibility of employees to implement every aspect of this policy, for the managers to provide guidance to their teams and for the CEO to make sure this policy is implemented and reviewed on an annual basis.
3. Responsibilities
Exeo Corporate Governance Committee is responsible to monitor and improve the established management system policies and procedures and establish processes for handling deviations and exceptions.
4. Review of the policies for information security
This policy is reviewed at planned intervals or if significant changes occur to ensure its continuing suitability, adequacy and effectiveness.
The policy review takes the results of management reviews into account.